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Claims 

What is claimed is: 

1. A method for use in an RFID system comprising at least one RFID device and at least 
one reader which communicates with the RFID device, the method comprising the steps of: 

5 associating a plurality of pseudonyms with the RFID device; and 

transmitting from the RFID device different ones of the pseudonyms in response 

to different reader queries of the RFID device; 

wherein an authorized verifier is able to determine that the different transmitted 

pseudonyms are associated with the same RFID device. 

10 

2. The method of claim 1 wherein the transmitted pseudonyms are authenticated by the 

reader. 

3. The method of claim 1 wherein the transmitted pseudonyms are authenticated by a 
1 5 verifier other than the reader. 

4. The method of claim 1 wherein the RFID device is configured to authenticate itself to 
a verifier only after the verifier has authenticated itself to the RFID device. 

20 5. The method of claim 4 wherein the verifier authenticates itself to the RFID device by 

releasing to the RFID device an authentication value /?, unique to a given pseudonym a, 
transmitted by the RFID device. 

6. The method of claim 4 wherein the RFID device authenticates itself to the verifier by 
25 releasing to the verifier an authentication value y z unique to a given pseudonym a, transmitted 
by the RFID device. 



7. The method of claim 1 wherein one or more of the pseudonyms each comprise an 
identifier of the RFID device. 
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8. The method of claim 1 wherein one or more of the pseudonyms each comprise a 
portion of an identifier of the RFID device. 

9. The method of claim 1 wherein the pseudonyms are stored in the RFID device as an 
5 ordered list of pseudonyms, the method further including the steps of designating a particular 

one of the pseudonyms as a current pseudonym and, in response to a given reader query, 
transmitting the current pseudonym, wherein over a plurality of reader queries the pseudonym 
designated as the current pseudonym periodically cycles through the list of pseudonyms. 

10 10. The method of claim 9 wherein after the current pseudonym is transmitted by the 

RFID device responsive to the given query, a different one of the plurality of stored pseudonyms 
is designated as the current pseudonym to be transmitted responsive to a subsequent query. 

1 1 . The method of claim 1 wherein one or more of the pseudonyms are generated on an 
1 5 as-needed basis within the RFID device. 

12. The method of claim 1 wherein one or more of the pseudonyms are generated 
externally to the RFID device. 

20 13. The method of claim 1 further including the step of limiting a rate at which the RFID 

device is permitted to transmit pseudonyms responsive to reader queries. 

14. The method of claim 1 further including the step of periodically altering one or more 
of the plurality of pseudonyms. 

25 

15. The method of claim 14 wherein the altering step is implemented responsive to 
receipt of refresh information in the RFID device from a verifier. 
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16. The method of claim 15 wherein the refresh information comprises one or more 
refresh values transmitted from the verifier to the RFID device after mutual authentication of the 
RFID device and the verifier. 

5 17. The method of claim 1 wherein for a given value k utilized in the RFID device, a 

vector A* = {8 ( K X) ,8 ( K 2) .-,8 ( K m) } of one-time pads is maintained in the RFID device, wherein the 
one-time pad 8 ( K X) is designated as a live pad and is used by the RFID device to update the value 
k, where m denotes a number of authentication sessions over which one-time pads are 
constructed. 

10 

18. The method of claim 17 wherein the value k is updated by computing k <- k@ 8 {x) . 

19. The method of claim 17 wherein in conjunction with updating the value jc, the vector 
A* is updated utilizing a vector A^ = {8 K °\8 K {2 \...,8} m) } of one-time pads, the vector A* being 

15 updated by discarding the previous live pad 8 K (V , setting 8 ( J } = 8 ( K i+X) for 1 < i < n - 1, setting 
5^ m) = 0 l , and performing an element- wise exclusive-or of A K and A^ by 
computing 8 ( J } = 8 ( K ° © Sj° , such that the updated vector A* comprises a set of m one-time pads 
with decreasing levels of backward secrecy. 

20 20. The method of claim 1 wherein a verifier of the system is configured to store for a 

given RFID device T x a static identifier id x corresponding to at least one pseudonym of T x . 

21. The method of claim 20 wherein the pseudonyms for T x are obtained by encrypting 
id x II z x under a symmetric key K a for the verifier, where z x comprises a pseudonym counter. 

25 
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22. The method of claim 21 wherein when the verifier receives a pseudonym from the 
RFID device, the verifier decrypts the pseudonym using K a to obtain the corresponding static 
identifier id x . 

5 23. The method of claim 1 wherein a verifier of the system in conjunction with an 

authentication session with the RFID device specifies a value identifying a particular pseudonym 
to be transmitted by the RFID device. 

24. The method of claim 1 wherein the RFID device determines which of the plurality of 
10 pseudonyms to transmit responsive to a given reader query based at least in part on timing 

information. 

25. The method of claim 1 wherein the RFID device incorporates a pseudorandom 
number generator, where f K (i) represents an output of the pseudorandom number generator for 

15 index /, where k x is a seed associated with the RFID device. 

26. The method of claim 25 wherein the RFID device generates the plurality of 
pseudonyms as pseudonyms a\ =j{\)> «2 =7(2), ••■> = A^)- 

20 27. The method of claim 25 wherein the RFID device and a verifier of the system 

attempt to maintain a common counter d x unique to the RFID device, and share the seed k x . 

28. The method of claim 27 wherein in order to determine which RFID device is 
associated with a given incoming value a, the verifier performs a lookup in a list {f Kx (d x )}of 

25 current a values for a plurality of RFID devices. 
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29. The method of claim 27 wherein for a given counter value d, the RFID device 
computes a.d=j{bk + d), where b denotes a base value, and the verifier provides a subsequent 
instruction to the RFID device to increment the base value b. 

30. An apparatus for use in an RFID system, the apparatus comprising: 

an RFID device having a plurality of pseudonyms associated therewith and being 
operative to communicate with one or more readers of the system; 

the RFID device being further operative to transmit different ones of the 
pseudonyms in response to different reader queries of the RFID device; 

wherein an authorized verifier is able to determine that the different transmitted 
pseudonyms are associated with the same RFID device. 

31. An RFID system comprising: 

a plurality of RFID devices; and 

a plurality of readers which communicate with at least a subset of the RFID 

devices; 

wherein a plurality of pseudonyms are associated with a given one of the RFID 
devices, the given RFID device being configurable to transmit different ones of the pseudonyms 
in response to different reader queries of the given RFID device; 

wherein an authorized verifier is able to determine that the different transmitted 
pseudonyms are associated with the same RFID device. 

32. An apparatus for use in an RFID system, the apparatus comprising: 

a reader which communicates with one or more RFID devices; 

wherein a plurality of pseudonyms are associated with a given one of the RFID 
devices, the given RFID device transmitting different ones of the pseudonyms in response to 
different reader queries of the given RFID device; 

wherein an authorized verifier is able to determine that the different transmitted 
pseudonyms are associated with the same RFID device. 

28 



Attorney Docket No. 4414-35 

33. A method for use in a system comprising at least one device and at least one reader 
which communicates with the device, the method comprising the steps of: 
associating a plurality of pseudonyms with the device; and 
transmitting from the device different ones of the pseudonyms in response to 
5 different reader queries of the device; 

wherein the pseudonyms are determined utilizing an updateable set of one or 
more one-time pads maintained in the device. 



29 



